Perhaps because UNISOC has been overshadowed by the likes of Qualcomm and MediaTek, its chip firmware used in Android smartphones has not been studied extensively, which is probably why this vulnerability went unnoticed all this time. Because the smartphone modem can be reached remotely via SMS or a radio packet, it is often targeted by hackers. Check Point Research (CPR) analyzed the UNISOC baseband and discovered a vulnerability that could be used to block communications.
Although UNISOC may not be the first name that comes to mind when thinking about Android chip manufacturers, it is a far bigger player than Samsung and Huawei. In Q4 2021, UNISOC chips were detected in 11% of phones delivered, making it the fourth-largest vendor. The firm produces low-cost semiconductors that are used in a variety of popular cheap phones in Asia and Africa. Check Point Research has discovered a weakness in UNISOC chips that makes phone conversations vulnerable to remote attacks.
The evolved packet system (EPS), the high-level architecture of Long-Term Evolution (LTE) technology, consists of three interconnected components: the user equipment (UE), which is a smartphone in this example; the evolved UMTS terrestrial radio access network (E-UTRAN); and the evolved packet core (EPC).
The E-UTRAN component has a stack called the eNodeB station, which manages the communication between the UE and the EPC. One of the EPC's stacks is the mobility management entity (MME), which controls the high-level operations of phones in the LTE network. The MME stack and the UE stack rely on the EPS session management (ESM) and the EPS mobility management (EMM) protocols for communication, which are both hosted by the non-access stratum (NAS).
The outlet believes a hacker or military person can use vulnerabilities like this to “neutralize communications in a specific location.” UNISOC was informed about the problem with the baseband in May 2022, and it was patched quickly. Google will publish the patch in the next Android Security Bulletin.
The NAS protocol is more concerned with the wider system, and thus it is fairly easy for a bad actor to send the target device an EMM packet with the potential to crash the UNISOC modem. This could lead to Denial of Service (DoS) or Remote Code Execution (RCE). As a test device, CPR used a Motorola Moto G20 running the January 2022 patch; it is powered by the UNISOC T700. They then used the weaknesses of the system to tamper with the NAS message data, which made it possible to carry out a DoS attack.
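As an added illustration (not code from CPR, UNISOC or the original article), the C function below shows the kind of length checking a NAS receiver needs before it reads EMM or ESM header fields from an incoming packet. The header layout and discriminator values follow 3GPP TS 24.301, which the article does not quote; the function, type and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Protocol discriminators per 3GPP TS 24.301 (assumption: not stated in the article). */
#define NAS_PD_ESM 0x2
#define NAS_PD_EMM 0x7

enum nas_result { NAS_OK = 0, NAS_TRUNCATED = -1, NAS_UNKNOWN_PD = -2, NAS_UNHANDLED_SHT = -3 };

struct nas_header {
    uint8_t pd;            /* protocol discriminator, low nibble of octet 1 */
    uint8_t sec_hdr_type;  /* EMM only: security header type, high nibble */
    uint8_t msg_type;      /* message type of a plain message, 0 if protected */
    size_t  body_off;      /* offset of the first octet after the parsed header */
};

/* Hypothetical helper: parse a NAS header, checking the length before every read. */
int nas_parse_header(const uint8_t *buf, size_t len, struct nas_header *h)
{
    if (buf == NULL || h == NULL || len < 1)
        return NAS_TRUNCATED;
    h->pd = buf[0] & 0x0F;
    h->sec_hdr_type = 0;
    h->msg_type = 0;
    h->body_off = 0;

    if (h->pd == NAS_PD_EMM) {
        h->sec_hdr_type = buf[0] >> 4;
        if (h->sec_hdr_type == 0) {      /* plain EMM: octet 2 is the message type */
            if (len < 2) return NAS_TRUNCATED;
            h->msg_type = buf[1];
            h->body_off = 2;
            return NAS_OK;
        }
        if (h->sec_hdr_type <= 4) {      /* protected: 4-octet MAC + 1-octet sequence number */
            if (len < 6) return NAS_TRUNCATED;
            h->body_off = 6;             /* inner message starts here; parse it separately */
            return NAS_OK;
        }
        return NAS_UNHANDLED_SHT;        /* other header types are not handled in this example */
    }
    if (h->pd == NAS_PD_ESM) {           /* ESM: bearer id/PD, transaction id, message type */
        if (len < 3) return NAS_TRUNCATED;
        h->msg_type = buf[2];
        h->body_off = 3;
        return NAS_OK;
    }
    return NAS_UNKNOWN_PD;               /* reject anything that is neither EMM nor ESM */
}
```

The same rule applies to every optional element that follows the header: compare the declared length against the bytes remaining before copying or indexing.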
Every other day we hear about one loophole or another, so it’s recommended you always keep your phone up to date with security patches and make use of services like ExpressVPN to stay ahead of hackers.